package com.yugao.fintech.draper.auth.configure;

import com.yugao.fintech.draper.security.authentication.password.DaoAuthenticationProvider;
import org.springframework.context.annotation.Bean;
import org.springframework.core.annotation.Order;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
import org.springframework.security.web.SecurityFilterChain;

/**
 * 开启和Web相关的安全配置
 */
@EnableWebSecurity
public class WebSecurityConfigure {
	/**
	 * 默认安全策略过滤器链
	 */
	@Bean
	@Order(0)
	SecurityFilterChain defaultSecurityFilterChain(HttpSecurity http) throws Exception {
		http.authorizeRequests(authorizeRequests -> authorizeRequests
			// gitee授权请求
			//.antMatchers("/gitee/authorize/*")
				.requestMatchers("/gitee/authorize/*")
			.permitAll()
			// gitee授权码
			//.antMatchers("/gitee/code/*")
				.requestMatchers("/gitee/authorize/*")
			.permitAll()
			//.antMatchers("/configuration")
				.requestMatchers("/configuration")
			.permitAll()
			// 自定义token端点
			//.antMatchers("/token/*")
				.requestMatchers("/token/*")
			.permitAll()
			// 其他路径都需要授权
			.anyRequest()
			.authenticated())
				.headers()
				.frameOptions()
				.sameOrigin()
				.and()
				.csrf()
				.disable();
		http.authenticationProvider(new DaoAuthenticationProvider());
		return http.build();
	}

	@Bean
	@Order(0)
	SecurityFilterChain resources(HttpSecurity http) throws Exception {
		http.securityMatchers((matchers) -> matchers.requestMatchers("/actuator/**", "/css/**", "/error"))
			.authorizeHttpRequests((authorize) -> authorize.anyRequest().permitAll())
			.requestCache()
			.disable()
			.securityContext()
			.disable()
			.sessionManagement()
			.disable();
		return http.build();
	}
}
